Sun, 2nd Nov '03, 3:25 pm::

Last night I talked to my mom and dad :) They're back from Nepal. Had fun. Ah those rich people.

Last night I also worked on securing my client's site using OpenSSL for PHP. I think it's one of the most complex things I've ever done. Took me over 8 hours to get the implementation right (meaning I went to bed at 6am). As it stands now, even if a hacker manages to get into EVERYTHING on my server, he/she will not be able to decrypt the table of credit card numbers without a neat little password. It's done quite beautifully. I use an RSA public/private key pair to set it up. RSA is one of the sweetest little encryption systems. There are 100 more invented after that, but nothing so simple yet beautiful.

Basically, take two prime numbers P and Q and multiply them to get a real big number PQ. Now unless you know P and Q, you would need a big computer to factor P and Q from PQ. Well, if P and Q are small, say P=5 and Q=7, then PQ=35, and if you are given 35, it's easy to find P and Q from it. But if PQ is a 10000-digit number, it's highly unlikely that you'll be able to find P and Q easily. Now, do a little more math and make D and E from P and Q. Like D could be P-Q and E could be P+Q or something. Well, to get this to work, D and E are calculated in a special way as detailed here. Then encrypt the data using (PQ, E) and decrypt it using D. That's it. Unless the hacker knows D, they can't decrypt. Every time my client needs to see credit card info for any client, just type in D, which is like a nice short word: SKYISBLUE or something, and it's decrypted. I feel so funny being excited over stuff like this. Hehe.
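The arithmetic above as runnable Python, added here as an illustration and not the code from the client's site: it derives E and D the standard textbook way, round-trips a number, and shows why a small PQ gives D away. It goes one step past the P=5, Q=7 case by also using 61 and 53 (constructed sample primes); the function names are made up for this example, and real OpenSSL keys use far larger primes plus padding.

```python
from math import gcd, isqrt

def make_keys(p, q):
    """Textbook RSA key generation from two primes (toy sizes, no padding)."""
    n = p * q                      # PQ, the public modulus
    phi = (p - 1) * (q - 1)        # computable only if P and Q are known
    # E: smallest odd number > 1 that shares no factor with phi
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    # D: modular inverse of E, so (E * D) % phi == 1 (Python 3.8+)
    d = pow(e, -1, phi)
    return (n, e), d

def encrypt(m, public):
    """Encrypt the integer m with the public pair (PQ, E)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than PQ")
    return pow(m, e, n)

def decrypt(c, n, d):
    """Decrypt with the private exponent D (PQ is needed as well)."""
    return pow(c, d, n)

def recover_d(public):
    """Factor PQ by trial division and rebuild D. Practical only for tiny PQ."""
    n, e = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    # The post's P=5, Q=7: so small that E and D come out identical.
    print(make_keys(5, 7))
    # Constructed sample primes, still trivially factorable.
    public, d = make_keys(61, 53)
    c = encrypt(65, public)
    print(public, d, c, decrypt(c, public[0], d))
    # Anyone holding only the public pair recovers D when PQ is small.
    print(recover_d(public) == d)
```

With P=5 and Q=7 every valid E is its own inverse, so the "private" exponent equals the public one; the security comes entirely from PQ being too large to factor.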
